[工作日志]生成最新版本的证书认证(访问缺少安全证书时出现的异常)

最新推荐文章于 2024-04-15 16:00:00 发布
最新推荐文章于 2024-04-15 16:00:00 发布
阅读量474 收藏
点赞数
文章标签: java
原文链接:https://my.oschina.net/u/1579678/blog/647086
版权

PKIX path building failed问题:
在执行webservice访问:192.168.1.20:636,出现如下异常:
----------------------------------------------------------------------------------------------------------
初始化失败:javax.naming.CommunicationException: simple bind failed: 192.168.1.20:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
添加用户失败:javax.naming.NoInitialContextException: Need to specify class name in environment or system property, or as an applet parameter, or in an application resource file: java.naming.factory.initial
添加密码失败:javax.naming.NoInitialContextException: Need to specify class name in environment or system property, or as an applet parameter, or in an application resource file: java.naming.factory.initial
添加属性值失败:memberOf:archermind--javax.naming.NoInitialContextException: Need to specify class name in environment or system property, or as an applet parameter, or in an application resource file: java.naming.factory.initial
添加属性值失败:memberOf:archermind-01--javax.naming.NoInitialContextException: Need to specify class name in environment or system property, or as an applet parameter, or in an application resource file: java.naming.factory.initial
添加属性值失败:memberOf:Proxy100--javax.naming.NoInitialContextException: Need to specify class name in environment or system property, or as an applet parameter, or in an application resource file: java.naming.factory.initial
初始化失败:javax.naming.CommunicationException: simple bind failed: 192.168.1.20:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
添加属性值失败:memberOf:nanjing--javax.naming.NoInitialContextException: Need to specify class name in environment or system property, or as an applet parameter, or in an application resource file: java.naming.factory.initial
-----------------------------------------------------------------------------------------------------------
原因分析:这是192.168.1.20:636访问缺少安全证书时出现的异常
解决方案:在服务器上,利用一个专门获取安全证书的程序,参考InstallCert.java,将安全证书复制到服务器/usr/lib/java/jdk1.6.0_33/jre/lib/security下:
首先进入到InstallCert.java文件目录下:
1,执行javac InstallCert.java   (重点:都是在服务器上执行)
2,执行 java InstallCert hostname 比如 (重点:都是在服务器上执行)
   java InstallCert 192.168.1.20:636
3,会看到如下信息:
××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××
java InstallCert ecc.fedora.redhat.com
Loading KeyStore /usr/lib/java/jdk1.6.0_33/jre/lib/security/cacerts...
Opening connection to ecc.fedora.redhat.com:443...
Starting SSL handshake...

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:846)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:815)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1038)
at InstallCert.main(InstallCert.java:63)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145)
at sun.security.validator.Validator.validate(Validator.java:203)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172)
at InstallCert$SavingTrustManager.checkServerTrusted(InstallCert.java:158)
at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:839)
... 7 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:236)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216)
... 13 more

Server sent 2 certificate(s):

1 Subject CN=ecc.fedora.redhat.com, O=example.com, C=US
   Issuer CN=Certificate Shack, O=example.com, C=US
   sha1    2e 7f 76 9b 52 91 09 2e 5d 8f 6b 61 39 2d 5e 06 e4 d8 e9 c7
   md5     dd d1 a8 03 d7 6c 4b 11 a7 3d 74 28 89 d0 67 54

2 Subject CN=Certificate Shack, O=example.com, C=US
   Issuer CN=Certificate Shack, O=example.com, C=US
   sha1    fb 58 a7 03 c4 4e 3b 0e e3 2c 40 2f 87 64 13 4d df e1 a1 a6
   md5     72 a0 95 43 7e 41 88 18 ae 2f 6d 98 01 2c 89 68

Enter certificate to add to trusted keystore or 'q' to quit: [1]
3.输入1,然后直接回车,会在相应的目录下产生一个名为‘jssecacerts’的证书。
××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××
4,将证书copy到$JAVA_HOME/jre/lib/security目录下(重点:都是在服务器上执行)
5,注意:因为是静态加载,所以要重新启动你的Web Server,证书才能生效。
××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××
×××××××××××××××××InstallCert.java代码如下:*×××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××
××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××


import java.io.BufferedReader;  
import java.io.File;  
import java.io.FileInputStream;  
import java.io.FileOutputStream;  
import java.io.InputStream;  
import java.io.InputStreamReader;  
import java.io.OutputStream;  
import java.security.KeyStore;  
import java.security.MessageDigest;  
import java.security.cert.CertificateException;  
import java.security.cert.X509Certificate;  
 
import javax.net.ssl.SSLContext;  
import javax.net.ssl.SSLException;  
import javax.net.ssl.SSLSocket;  
import javax.net.ssl.SSLSocketFactory;  
import javax.net.ssl.TrustManager;  
import javax.net.ssl.TrustManagerFactory;  
import javax.net.ssl.X509TrustManager;  

public class InstallCert {
    
     public static void main(String[] args) throws Exception {  
            String host;  
            int port;  
            char[] passphrase;  
            if ((args.length == 1) || (args.length == 2)) {  
                String[] c = args[0].split(":");  
                host = c[0];  
                port = (c.length == 1) ? 443 : Integer.parseInt(c[1]);  
                String p = (args.length == 1) ? "changeit" : args[1];  
                passphrase = p.toCharArray();  
            } else {  
                System.out  
                        .println("Usage: java InstallCert <host>[:port] [passphrase]");  
                return;  
            }  
      
            File file = new File("jssecacerts");  
            if (file.isFile() == false) {  
                char SEP = File.separatorChar;  
                File dir = new File(System.getProperty("java.home") + SEP + "lib"  
                        + SEP + "security");  
                file = new File(dir, "jssecacerts");  
                if (file.isFile() == false) {  
                    file = new File(dir, "cacerts");  
                }  
            }  
            System.out.println("Loading KeyStore " + file + "...");  
            InputStream in = new FileInputStream(file);  
            KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());  
            ks.load(in, passphrase);  
            in.close();  
      
            SSLContext context = SSLContext.getInstance("TLS");  
            TrustManagerFactory tmf = TrustManagerFactory  
                    .getInstance(TrustManagerFactory.getDefaultAlgorithm());  
            tmf.init(ks);  
            X509TrustManager defaultTrustManager = (X509TrustManager) tmf  
                    .getTrustManagers()[0];  
            SavingTrustManager tm = new SavingTrustManager(defaultTrustManager);  
            context.init(null, new TrustManager[] { tm }, null);  
            SSLSocketFactory factory = context.getSocketFactory();  
      
            System.out  
                    .println("Opening connection to " + host + ":" + port + "...");  
            SSLSocket socket = (SSLSocket) factory.createSocket(host, port);  
            socket.setSoTimeout(10000);  
            try {  
                System.out.println("Starting SSL handshake...");  
                socket.startHandshake();  
                socket.close();  
                System.out.println();  
                System.out.println("No errors, certificate is already trusted");  
            } catch (SSLException e) {  
                System.out.println();  
                e.printStackTrace(System.out);  
            }  
      
            X509Certificate[] chain = tm.chain;  
            if (chain == null) {  
                System.out.println("Could not obtain server certificate chain");  
                return;  
            }  
      
            BufferedReader reader = new BufferedReader(new InputStreamReader(  
                    System.in));  
      
            System.out.println();  
            System.out.println("Server sent " + chain.length + " certificate(s):");  
            System.out.println();  
            MessageDigest sha1 = MessageDigest.getInstance("SHA1");  
            MessageDigest md5 = MessageDigest.getInstance("MD5");  
            for (int i = 0; i < chain.length; i++) {  
                X509Certificate cert = chain[i];  
                System.out.println(" " + (i + 1) + " Subject "  
                        + cert.getSubjectDN());  
                System.out.println("   Issuer  " + cert.getIssuerDN());  
                sha1.update(cert.getEncoded());  
                System.out.println("   sha1    " + toHexString(sha1.digest()));  
                md5.update(cert.getEncoded());  
                System.out.println("   md5     " + toHexString(md5.digest()));  
                System.out.println();  
            }  
      
            System.out  
                    .println("Enter certificate to add to trusted keystore or 'q' to quit: [1]");  
            String line = reader.readLine().trim();  
            int k;  
            try {  
                k = (line.length() == 0) ? 0 : Integer.parseInt(line) - 1;  
            } catch (NumberFormatException e) {  
                System.out.println("KeyStore not changed");  
                return;  
            }  
      
            X509Certificate cert = chain[k];  
            String alias = host + "-" + (k + 1);  
            ks.setCertificateEntry(alias, cert);  
      
            OutputStream out = new FileOutputStream("jssecacerts");  
            ks.store(out, passphrase);  
            out.close();  
      
            System.out.println();  
            System.out.println(cert);  
            System.out.println();  
            System.out  
                    .println("Added certificate to keystore 'jssecacerts' using alias '"  
                            + alias + "'");  
        }  
      
        private static final char[] HEXDIGITS = "0123456789abcdef".toCharArray();  
      
        private static String toHexString(byte[] bytes) {  
            StringBuilder sb = new StringBuilder(bytes.length * 3);  
            for (int b : bytes) {  
                b &= 0xff;  
                sb.append(HEXDIGITS[b >> 4]);  
                sb.append(HEXDIGITS[b & 15]);  
                sb.append(' ');  
            }  
            return sb.toString();  
        }  
      
        private static class SavingTrustManager implements X509TrustManager {  
      
            private final X509TrustManager tm;  
            private X509Certificate[] chain;  
      
            SavingTrustManager(X509TrustManager tm) {  
                this.tm = tm;  
            }  
      
            public X509Certificate[] getAcceptedIssuers() {  
                throw new UnsupportedOperationException();  
            }  
      
            public void checkClientTrusted(X509Certificate[] chain, String authType)  
                    throws CertificateException {  
                throw new UnsupportedOperationException();  
            }  
      
            public void checkServerTrusted(X509Certificate[] chain, String authType)  
                    throws CertificateException {  
                this.chain = chain;  
                tm.checkServerTrusted(chain, authType);  
            }  
        }  

}
××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××

转载于:https://my.oschina.net/u/1579678/blog/647086

chengong4276
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
installcert.java_Java生成证书工具类 InstallCert.java解决httpClient访问https出错:PKIX path building failed...
weixin_29790771的博客
02-13 438
编译:javac InstallCert.java运行:java InstallCert 要访问的网址最后面会输出:Enter certificate to add to trusted keystore or 'q' to quit: [1]输入1,然后直接回车,会在相应的目录下产生一个名为‘jssecacerts’的证书。将证书copy到$JAVA_HOME/jre/lib/security目...
解决Java调用Azure SDK证书错误javax.net.ssl.SSLHandshakeException
weixin_30460489的博客
12-05 1161
Azure作为微软的公有云平台,提供了非常丰富的SDK和API让开发人员可以非常方便的调用的各项服务,目前除了自家的.NET, Java, Python, nodeJS, Ruby,PHP等语言都提供支持,详细的文档说明请参考: https://azure.microsoft.com/en-us/documentation/ 然而在使用过程中,以Java语言为例,在初始调用Azure SDK...
已解决java.security.cert.CertificateException: 证书异常的正确解决方法,亲测有效!!!
最新发布
小明的Java问道之路
04-15 2570
已解决java.security.cert.CertificateException: 证书异常的正确解决方法,亲测有效!!!
Https java信任_java开发https请求ssl不受信任问题解决方法
weixin_39968823的博客
02-12 739
本文主要讨论的是java开发https请求ssl不受信任的解决方法,具体分析及实现代码如下。在java代码中请求https链接的候,可能会报下面这个错误javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.pro...
Https请求不信任服务器的证书报错解决方案
君子为猿的博客
07-11 2654
调用第三方系统Https接口出现报错信息如下: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at
java开发https请求ssl不受信任问题
热门推荐
灵魂Coder的专栏
03-18 2万+
java代码中请求https链接的候,可能会报下面这个错误 javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException
可运营的SSL证书在线生成系统源码,附带图文搭建教程
01-12
SSL证书是网络安全领域中的...综上所述,这个“可运营的SSL证书在线生成系统源码”为管理员和用户提供了一套完整的解决方案,从证书申请到证书管理,全程在线操作,大大简化了SSL证书的获取流程,提高了网站的安全性。
vb6.0 动态生成控件和异常处理日志
01-02
在VB6.0编程环境中,动态生成控件和异常处理日志是两个关键的技术点,它们对于提升程序的灵活性和可维护性具有重要意义。本文将深入探讨这两个主题,并提供实践指导。 首先,让我们来理解动态生成控件的概念。在VB...
IIS下调用证书出现异常的解决方法 (C#)
12-31
通过系统日志找到了错误所在:证书调用出现异常。原因是:在IIS上调用证书是需要配置的,具体配置如下: 一. 确保证书已安装 1. 点击 [开始] -> [运行] -> 键入[mmc] 进入“控制台”界面 -> 选择[文件] -> [添加...
最新PHP资格证书查询系统源码自动生成二维码支持导入和导出功能20210617.zip
07-27
用户扫描二维码即可快速访问证书详情,提高了查询效率。 4. **数据导入导出功能**: 系统支持数据的导入和导出,这对于批量处理证书信息非常有用。导入可能涉及CSV或Excel文件,通过PHP的`fgetcsv`或`PHPExcel`库...
工作日志自动生成软件
11-16
相信对于大部分工作都够用了,工作日志这东西,不创造什么价值,很多人也不重视,但老板希望看到员工的工作进度,希望这款工作日志自动生成软件能帮到大家。 说明: 1. 间隔双击节点可修改内容 2. 选中节点后可...
maven连接不可信仓库
青耕
03-24 1263
自己搭建的maven仓库启用SSL之后证书不受信任 如果连接的话maven便会报错 由于访问maven仓库域名需要安全证书,所以生成一个证书就可以了。 以下是从网上找到的代码: InstallCert.java/* * Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. * * Redistribution and
把Https网站中的安全证书导入到java的cacerts证书库中
huang552
05-28 333
有两种方式   一. Untitled如何把Https网站中的安全证书导入到java中的cacerts证书库中?在项目开发中,有会遇到与SSL安全证书导入打交道的,如何把证书导入java中的cacerts证书库呢?其实很简单,方法如下:每一步:进入某个https://www.xxx.com开头的网站,把要导入的证书下载过来,在该网页上右键 &gt;&gt; 属性 &gt;&gt; 点击"证...
java PKCS12双向认证
落叶翩翩的CSDN博客
05-04 4774
微信支付-申请退款只是提供了apiclient_cert.p12 jdk需要获取jssecacerts,需要通过生成com.fp.util.InstallCert InstallCert.java如下: package com.fp.util; import java.io.BufferedReader; import java.io.File; import java.io.FileIn
java发送邮件报SSL安全异常解决
blackwhite1992的博客
10-31 1815
阿里云邮箱安全认证,SSL网络安全链接,java发送阿里云邮件
serverhttpsecurity 缺少_解决https安全证书缺少的问题
weixin_39878745的博客
12-31 1046
解决PKIX:unable to find valid certification path to target 的问题问题描述这两天上测试服务器的候突然报这样的异常javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.secur...
iOS逆向小知识:SSLHandshake: Received fatal alert: certificate_unknown的解决方案(Charles分析报文常遇到的问题)
iOS逆向与安全
08-12 2万+
当https 链接的证书得不到Charles证书的信任之后,就会包这个。解决:   可以使用以下openssl命令来获取到服务器的公开二进制证书(以google为例):"openssl s_client -connect www.google.com:443 </dev/null 2>/dev/null | openssl x509 -outform DER > https.cer"让手机去信任c
解决PKIX:unable to find valid certification path to requested target 的问题
yuanlanjun
10-18 4945
注意:本文出自“阿飞”的博客 ,如果要转载本文章,请与作者联系! 并注明来源:&lt;wbr style="margin-top:0px; margin-right:0px; margin-bottom:0px; margin-left:0px; padding-top:0px; padding-right:0px; padding-bottom:0px; padding-le...
java.security.cert.Certificate:No subject alternative DNS name matching api.exmail.qq.com found.解决方法
u011400521的博客
11-15 5760
工作中使用https请求,本地调用正常,放到服务器端运行失败,报错java.security.cert.Certificate:No subject alternative DNS name matching api.exmail.qq.com found 一般错误原因为https证书验证失败 解决方法可以在服务器端导入对应证书,这边使用绕过证书验证的方式解决 get请求: publi...
工控安全职业证书技能实践:系统账户安全权限配置实战.pptx
07-12
"工控安全职业证书技能实践专注于工业互联网网络安全实施,以Linux为例,深入讲解...通过这些实践项目,学员将获得工控安全职业所需的实操经验和理论知识,以便在实际工作中有效地保护工业互联网设备和数据的安全

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值